InfoSec Team Lead

Are you ready to join the API revolution?

Kong creates software and managed services that connect APIs and microservices natively across and within clouds, Kubernetes, data centers and more using intelligent automation. Built on an open source core, Kong's service connectivity platform enables digital innovation by allowing organizations to reliably and securely manage the full lifecycle of APIs and services for modern architectures, including microservices, serverless and service mesh. By providing developer teams with unprecedented architectural freedom, Kong accelerates innovation cycles, increases productivity, and seamlessly bridges legacy and modern systems and applications. For more information about Kong, please visit konghq.com or follow @thekonginc on Twitter.

Follow us on LinkedIn for more "Life at Kong" nuggets! 2020 Kong Summit Highlight Video

About the role

This position will work with engineering, product, and IT teams across the company to design, improve, and implement good security posture. The ideal candidate will possess experience across multiple security domains with a focus in cloud and AWS, be a trusted advisor to engineering teams across the org. While some security implementations will be done by the security team, we also serve as consultants and guides to other teams, asserting them in securing their tech stacks and pipelines.

This position will be a tech lead role, meaning that it encompasses technical leadership in addition to technical knowledge. This will include leading other teams by technical excellence, as well as leading technical projects and coordinating with other people and teams to drive forward goals.

What you'll be doing

• This role will be the first individual contributor role on this Information Security team and will encompass helping in building out our Information Security program, identifying gaps, and prioritizing remediation's. This role will include designing security plans and implementing some. For others this role will serve as a cross functional tech lead, driving forward change in the organization. This role will serve as a "rising tide to lift all ships".
• The technical aspects of this role will include providing guidance on cloud infrastructure, network, application, and data security. Our "north star" will be moving towards Infrastructure and Security as Code, using CI/CD pipelines and similar tools.
• This role will also contribute to implementing security architecture, methods, and controls required to meet security, compliance, and audit requirements.
• And any additional tasks required by your manager.

What you'll bring

• This team has a wide remit. These qualifications would all be great, however if you don't have all of them, please feel free to apply anyway.
• 5+ years in Information Security or a related team.
• Knowledge of network based, system level, and application layer attacks and mitigation methods.
• Hands on experience in both production security and internal corporate security.
• Hands on experience with microservices and container orchestration, preferably Kubernetes.
• Familiarity with AWS tools and systems including EKS, IAM, EC2, S3Familiarity with log aggregation and automated analysis.
• Familiarity with static analysis.
• Familiarity with network and application security (OWASP), infrastructure hardening, security baselines, web server, and database security.
• Hands on experience with the development, deployment, and automation of security solutions with CI/CD in AWS environment.
• Experience in leading cross-functional technical projects.
• Development experience in at least one language. Python and/or Go preferred.
• What is a Konger? (see our company values below…)

We are a group of makers, thinkers, and doers focused on helping today's developers build tomorrow's technology. Our teams work on the bleeding edge of API innovation to provide our users with a central nervous system for data and services.

We put design at the heart of everything we do, and we're relentlessly focused on creating beautiful experiences for our customers. That's why technology companies, major banks, e-commerce innovators, and government agencies put Kong in front of their most important web applications.

We believe in the power of Open Source and everything it stands for. That's why developers around the world enthusiastically contribute on top of our open-source platform.

We are passionate about solving challenges that will fundamentally shape the future of technology, and we're looking for the right people to join us on our mission. If you believe in taking ownership of your work, making an impact, and having fun along the way, we would love to talk to you.

Kong core values

Global - We work together from anywhere to achieve our common goals. Our differences make us stronger. We seek to understand different points of view and their implications on work.

Real - We are genuine, principled and confident without an attitude. We seek to understand our own strengths and vulnerabilities. We understand the effect of external factors on ourselves and we manage our own emotions and understand the effect they have on other people.

Unstoppable - We are biased towards action and decision, we persevere and always go the extra mile. We understand how to prioritize and work with urgency and focus. We are self-motivated and exhibit a high personal drive.

Champion - We listen and speak up for customers, community, partners and each other. We have an ability to provide feedback that is specific, constructive and fact-based. We listen, are able to receive feedback without taking it personally and we look at our own performance in order to improve.

Explorer - We challenge the status quo by discovering, innovating, failing fast and learning. We are self-directing and use creativity when solving problems that may be complex and ambiguous. We are adaptable, able to navigate and solve problems, especially in times of rapid change and high-ambiguity.